51 large

防止 Race-To-Empty 的方法

rubyu2 · 于 发布 · 582 次阅读

方法之一:使用正确的顺序

function withdrawBalance() {  
  amountToWithdraw = userBalances[msg.sender];
  userBalances[msg.sender] = 0;
  if (amountToWithdraw > 0) {
    if (!(msg.sender.send(amountToWithdraw))) { throw; }
  }
}

方法之二:使用Mutexes

function withdrawBalance() {  
  if ( withdrawMutex[msg.sender] == true) { throw; }
  withdrawMutex[msg.sender] = true;
  amountToWithdraw = userBalances[msg.sender];
  if (amountToWithdraw > 0) {
    if (!(msg.sender.send(amountToWithdraw))) { throw; }
  }
  userBalances[msg.sender] = 0;
  withdrawMutex[msg.sender] = false;
}

参考:
http://vessenes.com/more-ethereum-attacks-race-to-empty-is-the-real-deal/

  • 暂无回复。